Re: [squid-users] ACLs to direct request to proper parent?

From: Amos Jeffries <squid3@dont-contact.us>
Date: Tue, 23 Oct 2007 11:54:55 +1300 (NZDT)

> I've recently installed a Squid 2.6STABLE16 system in a country that
> requires all web browsing to go through a government-specified proxy
> server. The Government runs a non-transparent proxy setup that must be
> explicitly listed in the Squid configuration.
>
> That would normally be easy, as all I'd do is list the Government proxy
> as a parent. However, I have three types of traffic I'd like to direct
> to different places:
>
> 1. Traffic that should be virus-scanned before delivering to the client.
> 2. Traffic that should not be virus-scanned such as web conferencing.
> 3. Traffic that is internal and should not be virus scanned or given to
>    the Government proxy.
>
> Here's what I have so far:
>
> cache_peer 127.0.0.1 parent 8080 7 name=vscan no-query no-digest default
> cache_peer govproxy parent 3128 7 no-query no-digest
>
> cache_peer_domain vscan !.pressaccess.com !.presentonline.com
> cache_peer_domain vscan !.interactconferencing.com !.raindance.com
> cache_peer_domain vscan !.mshow.com !.placeware.com
> cache_peer_domain vscan !.ilearning.com !.kindercam.com !.fidelity.com
> cache_peer_domain vscan !.lexisnexis.com !data.finlistics-vm.com
> cache_peer_domain vscan !library.midicorp.com
> cache_peer_domain vscan !.finance.yahoo.com !.tenrox.com !.riskadvisory.com
>
> acl internal-dst dst 10.0.0.0/255.0.0.0
> acl internal-dst dst 172.16.0.0/255.240.0.0
> acl internal-dst dst 192.168.0.0/255.255.0.0
> always_direct allow internal-dst
>
> I'd like to bypass the virus scanner for more things than just domain
> lists. I'd like to be able to use an ACL like:
> acl novirus-url urlpath_regex -i \.gif(\?.*)?$ \.jpg(\?.*)?$ \.png(\?.*)?$
> acl novirus-url urlpath_regex -i \.mpe?g(\?.*)?$ \.avi(\?.*)?$ \.swf(\?.*)?$
> acl novirus-url urlpath_regex -i \.qt(\?.*)?$ \.mov(\?.*)?$ \.as[fx](\?.*)?$
> acl novirus-url urlpath_regex -i \.rm(\?.*)?$ \.wm[av](\?.*)?$ \.mp3(\?.*)?$
> acl novirus-url urlpath_regex -i \.m4[avp](\?.*)?$ \.mp4v?(\?.*)?$
> acl novirus-url urlpath_regex -i \.wav(\?.*)?$
> And then use that ACL to bypass the virus scanner and go directly to the
> Government proxy. I didn't see anything in Squid 2.6STABLE16 that would
> do what I need. Am I missing something?

Yes. cache_peer_access

Amos
Received on Mon Oct 22 2007 - 16:54:58 MDT
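
An added example, not part of the original thread: a squid.conf sketch of how cache_peer_access could express the bypass asked about, reusing the peer names and ACLs from the question. The `all` ACL definition and the `never_direct` line are assumptions that do not appear in the original messages.

```conf
# Added example, not from the thread. Peers exactly as posted in the question.
cache_peer 127.0.0.1 parent 8080 7 name=vscan no-query no-digest default
cache_peer govproxy parent 3128 7 no-query no-digest

# Assumption: 'all' is defined as in the stock Squid 2.6 squid.conf.
acl all src 0.0.0.0/0.0.0.0

# Internal destinations (from the question).
acl internal-dst dst 10.0.0.0/255.0.0.0
acl internal-dst dst 172.16.0.0/255.240.0.0
acl internal-dst dst 192.168.0.0/255.255.0.0

# URL suffixes that should skip the scanner (first two lines of the
# poster's list; the remaining acl lines are added the same way).
acl novirus-url urlpath_regex -i \.gif(\?.*)?$ \.jpg(\?.*)?$ \.png(\?.*)?$
acl novirus-url urlpath_regex -i \.mpe?g(\?.*)?$ \.avi(\?.*)?$ \.swf(\?.*)?$

# The poster's cache_peer_domain lines for vscan can stay as they are;
# a peer must pass both cache_peer_domain and cache_peer_access to be used.

# Rules are evaluated top to bottom, first match wins:
# requests matching novirus-url may not use vscan, everything else may.
cache_peer_access vscan deny novirus-url
cache_peer_access vscan allow all

# govproxy has no name= option, so it is referenced by hostname.
# With no cache_peer_access lines of its own it stays eligible for every
# request, and is chosen whenever the default parent (vscan) is denied.

# Internal traffic bypasses both parents (from the question).
always_direct allow internal-dst

# Assumption: everything else must leave through a parent, so a request
# never falls back to a direct connection that skips the Government proxy.
never_direct allow all
```

The bypass decision here rests on the URL suffix alone, so any response served under a listed suffix reaches the client unscanned regardless of its actual content. `squid -k parse` checks the file for syntax errors before a reload.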
